IT Security News Blast 02-23-2018

The Top 5 Financial Markets That Are Open To Attack
Cyber security now has to be among the considerations for investors. When people pore over a forex calendar plotting their currency trades or scour financial news sites gauging the best assets and investments, they might well want to weigh up how secure the market is when it comes to the threat of cybercrime.
https://www.informationsecuritybuzz.com/articles/top-5-financial-markets-open-attack/

SWIFT Grift: Fake financial messaging service emails deliver Adwind RAT
Comodo explains that disguising malicious emails as SWIFT communications is particularly effective because money can sometimes provoke an emotional response that overrides critical thinking, making it more likely someone will open the attachment. “If an employee receives an email, they will be afraid to not open it,” the blog post states. “What if they pass up something very important for the enterprise? Could they be punished for not looking into that email? Consequently, the chances that a potential victim will click on the infected file grow.”
https://www.scmagazine.com/swift-grift-fake-financial-messaging-service-emails-deliver-adwind-rat/article/745797/

SEC Issues New Guidance for Cyberattack Disclosure
The guidance does not outline specific timeframes for disclosure, nor does it provide exact requirements for what information should be reported. It also acknowledges the potential sensitivity of information that companies should disclose: “We do not expect companies to publicly disclose specific, technical information about their cybersecurity systems…in such detail as would make such systems, networks, and devices more susceptible to a cybersecurity incident,” it states.
http://www.hcanews.com/news/sec-issues-new-guidance-for-cyberattack-disclosure

The price of failure: How budget impacts cyber risk
Many C-suite managers have declared cyber-security a, if not the, chief concern, with spending expected to exceed $1T over the next four years. That sounds like a lot, until you dig a little deeper. First, $1T represents a miserly 1% of revenue per year. Second, damages related to cyber-attacks are predicted to soar to $6T per annum over the same period. Damages, in other words, are on track to outstrip costs by a factor of 24:1.
http://dofonline.co.uk/2018/02/22/price-failure-budget-impacts-cyber-risk/

Securing the Network: What Three Key Verticals Require
The new Internet of Medical Things (IoMT) poses an especially significant challenge. These devices, along with the web applications patients use to interact with them, are often programmed to access classified information stored on hospital networks. Too often, these IoMT devices are not built with security as a primary consideration, which makes them an attractive entryway into healthcare networks for cybercriminals.
https://www.csoonline.com/article/3257228/security/securing-the-network-what-three-key-verticals-require.html

How airplane crash investigations can improve cybersecurity
As cybersecurity incidents proliferate around the country and the globe, businesses, government agencies and the public shouldn’t wait for an inevitable disaster before investigating, understanding and preventing these failures. Nearly a century after the original Air Commerce Act in 1926, calls, including my own, are mounting for the information industry to take a page from aviation and create a cybersecurity safety board.
https://phys.org/news/2018-02-airplane-cybersecurity.html

Interpol warns IoT devices at risk
As attacks proliferate, law enforcement struggles to keep up, according to a report in the Express. “Attacks on IoT devices such as internet connected fridges, TVs, smart home devices etc. are down to flaws in the software running on them, and attacks will continue to happen until those flaws are dealt with. Good practices by vendors around configuration and authentication need to be initiated or matured to prevent this in future[.]”
https://www.scmagazine.com/interpol-warns-iot-devices-at-risk/article/746147/

Election cybersecurity is a race with no finish line
Cybersecurity strategies are now a necessary part of election administration everywhere. They’re time-consuming, and they’re expensive. Maintaining our election excellence demands maximum effort. That’s why my office will seek help from the Legislature to make sure that we have the tools we need to keep our system secure. We can’t afford to let our efforts lag for lack of resources. Fortunately, the Legislature has shown bipartisan leadership on this issue in the recent past, providing funds to help local governments replace aging election equipment.
https://www.twincities.com/2018/02/22/steve-simon-election-cybersecurity-is-a-race-with-no-finish-line/

Why states might win the net neutrality war against the FCC
The FCC says it can preempt state net neutrality laws because broadband is an interstate service (in that Internet transmissions cross state lines) and because state net neutrality rules would subvert the federal policy of non-regulation. But the FCC’s preemption powers are limited, and not everyone is convinced the FCC can actually stop states from protecting net neutrality. Even among legal experts who support net neutrality, there is no consensus.
https://arstechnica.com/tech-policy/2018/02/why-ajit-pai-might-fail-in-quest-to-block-state-net-neutrality-laws/

That microchipped e-passport you’ve got? US border cops still can’t verify the data in it
To be clear: America’s border cops can wirelessly read a traveler’s personal data from the implanted chip. The officials just don’t have the tools to check if the records are, you know, legit, and therefore check whether a person queuing to enter the Land of the Free is who they say they are, when using this embedded tech.
https://www.theregister.co.uk/2018/02/22/us_borders_e_passports/

Hackers spread Android spyware through Facebook using Fake profiles
Upon analyzing the scam, researchers quickly identified that the profiles used in the scam were fake, stolen images from real people and used without their knowledge or consent. The women lured the victim to click on the link and install the latest version of Kik Messenger app on their device in order to continue their “flirty conversations”.
https://www.hackread.com/hackers-spread-android-spyware-facebook-using-fake-profiles/

Cryptojacking Attack Found on Los Angeles Times Website
Researchers said they found cryptojacking code hidden on the Los Angeles Times’ interactive Homicide Report webpage that was quietly harnessing visitors’ CPUs to mine Monero cryptocurrency. The cryptojacking incident was found by Troy Mursch, a security researcher at Bad Packets Report, on Wednesday. He said the cryptominer has since been killed off. The cryptominer in question was made by Coinhive, a company that offers a Monero JavaScript miner to websites as a nontraditional way to monetize website content.
https://threatpost.com/cryptojacking-attack-found-on-los-angeles-times-website/130041/

Bad news: 43% of login attempts ‘malicious’ Good news: Er, umm…
“Credential abuse” is an increasingly popular line of attack, thanks in large part to the ready availability of huge user/password databases that have been stolen and are sold online. Akamai identifies two main types of such attacks: “bursty, high-speed login attempts” to break into people’s accounts, and “low and slow attempts to avoid apprehension by spreading login tries across longer time periods,” again to gain unauthorized access to profiles and systems.
https://www.theregister.co.uk/2018/02/21/login_attempts_malicious_akamai/

About Critical Informatics

We are world-class information security professionals providing Managed Detection and Response services to help you be secure, compliant, and resilient against threats to the life safety, life-sustaining, and quality-of-life systems and services you provide to clients, customers, constituents, and communities.